brendan-amex
asked on
Updating MySQL Fields with Quotes and Apostrophes
I'm trying to word my SQL query so that it won't fail when someone decides to input either a quote or an apostrophe. The problem is that I think I have to either put quotes or apostrophes around my query for it to function properly.
The user enters a value and it should be able to add to the database regardless of what they enter. How can I accomplish this?
$update and $default are the variables. Thank you.
Here's what I have for the query:
$query = "UPDATE table SET col1 = '$update1', Default = '$default1', SortSearch = $sorting1, Width = $width1 WHERE UserID = $userID";
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Note that you have to make the connection to the MySQL server before you run HainKurt's code. mysql_real_escape_string() is the recommended method.
ASKER
Great, so then how would I use it on a query coming back the other way? When I try to run a SELECT query in order to populate it into an HTML form, the form is blank when I use quotes. Can I use it this way as well?
SELECT Field1, Field2 FROM table WHERE UserID = $userID;
SOLUTION
ASKER
Thanks to both of you, lots of help.
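Added example, not part of the original thread or any participant's code: the same UPDATE and SELECT written with PDO prepared statements, plus HTML encoding when the value goes back into a form. The mysql_* functions mentioned above were removed in PHP 7.0. Assumptions: the table name `user_prefs`, the sample input, and an in-memory SQLite database so the script runs without a server (with MySQL only the DSN changes).

```php
<?php
// Added example. In-memory SQLite keeps it self-contained; for MySQL use a
// DSN such as 'mysql:host=...;dbname=...' with the same prepare()/execute() calls.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table; column names follow the question. `Default` is a
// reserved word, so it is quoted with backticks (accepted by MySQL and SQLite).
$pdo->exec('CREATE TABLE user_prefs (
    UserID INTEGER PRIMARY KEY, col1 TEXT, `Default` TEXT,
    SortSearch INTEGER, Width INTEGER)');
$pdo->exec("INSERT INTO user_prefs VALUES (1, '', '', 0, 0)");

function updatePrefs(PDO $pdo, int $userID, string $update1, string $default1,
                     int $sorting1, int $width1): int
{
    // Placeholders keep the values out of the SQL text, so quotes and
    // apostrophes in user input cannot terminate a string literal.
    $stmt = $pdo->prepare('UPDATE user_prefs
        SET col1 = :col1, `Default` = :def, SortSearch = :sort, Width = :width
        WHERE UserID = :uid');
    $stmt->execute([':col1' => $update1, ':def' => $default1,
                    ':sort' => $sorting1, ':width' => $width1, ':uid' => $userID]);
    return $stmt->rowCount();
}

function fetchPrefs(PDO $pdo, int $userID): array
{
    $stmt = $pdo->prepare('SELECT col1, `Default` FROM user_prefs WHERE UserID = :uid');
    $stmt->execute([':uid' => $userID]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Constructed input containing both kinds of quote.
updatePrefs($pdo, 1, 'O\'Brien said "hello"', "it's a 5\" screen", 2, 120);
$row = fetchPrefs($pdo, 1);

// A raw " inside value="..." ends the attribute early, a common cause of a
// blank or cut-off form field. Encode when writing HTML, not when storing.
foreach ($row as $name => $value) {
    printf("<input type=\"text\" name=\"%s\" value=\"%s\">\n",
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}
```

SQL escaping and HTML encoding solve different problems: the first belongs at the database boundary, the second at the point where the value is written into the page.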